Comment on page
Like other DeFi apps, Silo Finance uses third-party services to price token assets listed in the protocol. While our markets (silos) are isolated from each other - meaning risk doesn't spread out - you still face risk in markets you provide liquidity to.
The Silo protocol cannot verify the security and precision of 3rd-party oracles.
The Silo protocol cannot detect when an oracle becomes prone to manipulation.
The Silo protocol cannot prevent an oracle from being manipulated.
The SiloDAO doesn't compensate for lost funds due to third-party services malfunctioning.
The lending app displays risk labels to educate you about oracle risk. For your safety, only deposit liquidity in markets that use oracles you trust.
We recommend you take the following steps to assess risk:
- Research all token assets underlying a market you are depositing into. For example, if you're depositing $USDC to the ARB-ETH-USDC market on Arbitrum, ask yourself about the possibility of the $ARB token being exploited (infinite mint exploit, for example) or DEXs not having enough liquidity to absorb large sell-offs when $ARB collateral gets liquidated. Suppose a token asset doesn't have enough liquidity on DEXs. In that case, you should consider it high risk and avoid depositing liquidity in a market the token asset is part of.
The untold truth about oracles
In most cases, it is economically prohibitive to undertake an oracle manipulation attack. This fact is usually labeled as "Oracle Resilience."
However, Chainlink oracles can sometimes report erroneous prices. This happened during the collapse of the Terra blockchain when the LUNA price oracle at one point reported a significantly higher price than what LUNA was trading at. The discrepancy motivated some users to purchase LUNA on the market for less and deposit it in lending markets that priced LUNA at a much higher value, giving them an inflated borrowing power that eventually led to the loss of millions of dollars.
If the LUNA crisis were to happen today, and the LUNA silo used a Chainlink price feed, only bridge-asset depositors ( i.e., ETH/XAI) depositors in the LUNA silo would suffer loses. In contrast, depositors in other silos would not be affected.
Risk isolation is the first and last line of defense.
Uniswap V3 TWAP oracles are embedded within Uniswap liquidity pools and can be used to source the price of token assets. Because spot prices can be easily manipulated upward or downward, Silo Finance's lending markets always set the oracle window to 30 minutes to obtain a resilient TWAP.
TWAP oracles are incredibly costly to manipulate. However, the cost can decrease significantly under certain conditions:
- When liquidity in a Uniswap V3 pool becomes highly shallow,
- When liquidity in the pool is concentrated in narrow ranges (price ticks)
When enough liquidity (estimated at ~$100K total) is deposited in a Uniswap V3 pool full-range (0 to ∞), the pool's underlying oracle grows highly resilient.
As a general rule, whenever the cost of pumping, or dumping, a token price becomes significantly smaller than a silo's TVL, you should avoid depositing any liquidity.
Please keep in mind APR traps.
There might be situations where attackers inflate APRs to attract liquidity that would make attacks profitable.
- rDPX (deprecated market)
Like most oracle platforms, DIA gathers data from multiple centralized and decentralized exchanges to report on the token price in a given block after applying different filters.
When evaluating the price feed of particulate asses, such as GRAIL, take into consideration the following aspects:
- Update frequency
- 24h volume
How do you find the information?
Navigate to the token's market and hover over "Oracle".
The Silo Llama markets use Curve's USDC-crvUSD pool to determine the value of crvUSD. The Curve pool uses Exponential Moving Average (EMA) to set the value of the underlying assets. The stable/stable pool internally limits the last_price to 2x the 1:1 value. The mechanism prevents one-block attacks since the last_price can't be driven to high values, which overloads the EMA.
In rare cases, the core team develops custom oracles that compute an asset's market value based on custom logic. We currently use two custom oracles:
gOHM uses a custom oracle that computes gOHM value based on Chainlink OHM/ETH data feed and OHM rebase index. Silo Protocol cannot verify the precision or security of the Chainlink feed or OHM rebase index.
Remember that the OHM rebase index is a smart contract developed and maintained by the Olympus DAO. If the index reports erroneous data, there will be unknowable consequences for all users depositing in the gOHM market.
wstETH is the non-rebasing asset of stETH. The asset captures all of Lido's ETH2 staking APY and increases in value over time. To calculate the price of wstETH, we use a custom oracle that computes wstETH value based on Chainlink stETH/ETH data feed and wstETH-stETH Exchange Rate.
If the conversion rate between wstETH-stETH reports erroneous value, there will be unknowable consequences for all depositors in the wstETH silo.
We have worked with the Apostro team to develop a dashboard that tracks the health of our markets on Ethereum and Arbitrum. You can access the tool on the following link:
Oracles are used to:
- Determine the market value of the collateral.
- Determine the market value of loans.
- Enforce over-collateralization rules to protect lenders.
Let's delve into that.
A borrower in one isolated market puts up collateral of a crypto asset to borrow another asset provided by lenders. Collateral must always be larger than the loan - this is called over-collateralization and is coded in the smart contract logic.
If the value of the borrower's collateral declines to a certain level, the market's smart contract attempts to liquidate the collateral - via a 3rd-party service - to protect lenders. This ensures market's solvency.
If oracles report inaccurate prices, over-collateralization rules cannot be enforced.
- Oracle reports an inflated token price; depositors of the value-inflated token borrow more than they should be allowed to. In this case, the over-collateralization rule is compromised, and lenders will likely lose their deposits.
- Oracle reports the deflated price of a token; borrowers of the value-deflated token can borrow more than they should be allowed to. In this case, the over-collateralization rule is compromised, and lenders will likely lose their deposits.